The makers of the Evernote app have confirmed that their networks were breached in an attack by hackers. They notified their 50 million users about the successful cyberattack, reset everyone’s passwords and updated the Evernote software.
The Washington Post’s Hayley Tsukayama reported, “Evernote, the productivity service that allows people to take notes, clip articles and view them on a range of devices, told users that it had been hacked Saturday. As a result of the hack, which the company said leaked user e-mails and encrypted passwords, the company decided to reset the passwords of its entire userbase — estimated to be around 50 million.”
According to Jim Finkle with Reuters, “Evernote spokeswoman Ronda Scott said via email on Saturday that the attack ‘follows a similar pattern’ to other cyber attacks on Internet-based companies in recent weeks, but she did not elaborate. ‘In our security investigation, we have found no evidence that any of the content you store in Evernote was accessed, changed or lost,’ the company said on its website. ‘We also have no evidence that any payment information for Evernote Premium or Evernote Business customers was accessed.'”
PCWorld’s John P. Mello Jr. added, “After it reset the passwords of some 50 million users, Evernote pushed updates to all its software products, according to a company spokesperson. ‘We released updated versions of our applications across the board… to add messaging to alert users to update their accounts with new, secure passwords and to make this process easier,’ Evernote’s Ronda Scott said in an email. ‘This is the only change we have made to the Evernote clients in reaction to this attack,’ she added.”
CNN quoted security analyst Graham Cluley, who blogged, “What’s not good news is that the hackers now have access to the usernames and email addresses of Evernote customers. It is easy to imagine how this information could be abused — for instance, the hackers could send out spam emails to those users claiming to come from Evernote, and trick them into visiting a malicious website. And, of course, it’s another cautionary tale about the risks which can exist with trusting the cloud to look after your personal information.”